Mobile's Security Problem

By: Becky Bracken

Securing a mobile network is a bit like playing dodgeball in the dark: you know you’re going to get hit, but you have no idea when or from where. That presents real challenges for mobile network operators (MNOs) preparing for a future of revenues generated by services like mobile banking, healthcare and even connected cars, all of which demand highly secure environments. And, unfortunately, there are several factors working against the achievement of that goal, most notably the explosion of devices accessing networks that provide exponential opportunities to compromise those networks.

According to Symantec’s 2013 Norton Report, almost two-thirds of the people who were surveyed own smartphones and nearly one-third own tablets, but mobile vulnerabilities doubled between 2010 and 2011. 

That statistic reveals the challenge MNOs face when trying to secure their networks, but home networks are also incredibly vulnerable. In its “Malware Report—Q2 2013,” Kindsight Security Labs, a subsidiary of Alcatel-Lucent, claims that 10 percent of home networks (and at least 0.52 percent of mobile devices) were infected by malware in the second quarter of this year, up 1 percent from the first quarter, while 6 percent of broadband customers’ computers were contaminated with bots, rootkits and banking-related Trojan horses.

“Malware and cybersecurity threats continue to be a growing problem for home networks and mobile devices, particularly for Android smartphones and tablets, which are increasingly targeted,” said Kevin McNamee, the security architect and director of Alcatel-Lucent's Kindsight Security Labs. “Users often don’t take the appropriate security precautions for their mobile devices, and even when they do, a malicious app can easily evade detection by [a] device-based antivirus.”

It’s hardly shocking that home networks and Android malware have found their way to the top of the list of threats to mobile-network security. And when these vulnerabilities are exposed, it’s a pretty embarrassing affair for service providers and MNOs.

Last year iSEC Partners discovered a security hole in femtocells that allows a hacker to see every transaction a user makes on his or her mobile phone. Femtocells employed by Verizon’s 3G CDMA network were the focus of the firm’s research, but iSEC senior security consultant Tom Ritter believes that similar flaws exist on other network-extending apparatuses.

“We see everything that your phone would send to a cell-phone tower: phone calls, text messages, picture messages, mobile web surfing,” he said after conducting a test of the security breach for CNNMoney in July. In response, a spokesman for Verizon said the hole had been addressed and fixed.

Earlier this year Bluebox Labs, the research division of Bluebox Security, unearthed a potentially catastrophic hole in the Android “master key” that leaves 99 percent of such devices susceptible to hacking, says CTO Jeff Forristal.